1 / 30

Header Space Analysis: Static Checking For Networks

Header Space Analysis: Static Checking For Networks . Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford University) November 7 th , 2012 IRTF. Motivation. It is hard to understand and reason about end-to-end behavior of networks:

minty
Download Presentation

Header Space Analysis: Static Checking For Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Header Space Analysis: Static Checking For Networks Peyman Kazemian (Stanford University) George Varghese(UCSD, Yahoo Labs) Nick McKeown (Stanford University) November 7th, 2012 IRTF

  2. Motivation • It is hard to understand and reason about end-to-end behavior of networks: • Can host A talk to host B? • What are all the packet headers from A that can reach B? • Are there any loops or black holes in the network? • Is Slice X isolated totally from Slice Y? • What will happen if I remove an entry from a router?

  3. Motivation • There are two reason for this complexity: • Networks are getting larger. • Network functionality becoming more complex. • Firewalls, ACLs and deep packet inspection MBs. • VLAN and inter-VLAN routing. • Encapsulation (MPLS, GRE). • ToS-based routing. • nondeterministic routing. Application Transport Internet Access

  4. Looking at the other fields Communication Systems: De- Modulation D S Frequency Modulation Antenna Amplifier Antenna Band Pass Filter Cos(wt) Cos(wt)

  5. Header Space Analysis A simple abstraction to model all kinds of forwarding functionalities regardless of specific protocols and implementations.

  6. Header Space FrameworkSimple Observation: a packet is a point in the space of possible headers and a box is a transformer on that space.

  7. Header Space Framework • Step 1 - Model packet header as a point in {0,1}L space – The Header Space Header Data 01110011…1 0xxxx0101xxx L

  8. Header Space Framework • Step 2 – Model all networking boxes as transformer of header space 1101..00 3 Transfer Function: Packet Forwarding 1 1110..00 2 Match Action + + 0xx1..x1 11xx..0x Send to port 3 Rewrite with 1xx011..x1 Send to port 2 Rewrite with 1x01xx..x1

  9. Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (h,1)if dst_ip(h) = 172.24.74.x T(h, p) = (h,2) if dst_ip(h) = 172.24.128.x (h,3) if dst_ip(h) = 171.67.x.x

  10. Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (dec_ttl(h),1)if dst_ip(h) = 172.24.74.x T(h, p) = (dec_ttl(h),2) if dst_ip(h) = 172.24.128.x (dec_ttl(h),3) if dst_ip(h) = 171.67.x.x

  11. Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (rw_mac(dec_ttl(h),next_mac) , 1) if dst_ip(h) = 172.24.74.x T(h, p) = (rw_mac(dec_ttl(h),next_mac) , 2) if dst_ip(h) = 172.24.128.x (rw_mac(dec_ttl(h),next_mac) , 3) if dst_ip(h) = 171.67.x.x

  12. Example Rules: • FWD & RW: rewrite bits 0-2 with value 101 • (h & 000111…) | 101000… • Encapsulation: encap packet in a 1010 header. • (h >> 4) | 1010…. • Decapsulation: decap 1010xxx… packets • (h << 4) | 000…xxxx • Load Balancing: • LB(h,p) = {(h,P1),…(h,Pn)}

  13. Header Space Framework • Properties of transfer functions • Composable: • Invertible: R1 R2 R3 T1(h, p) T3(h, p) T2(h, p) Domain (input) Range (output)

  14. Header Space Framework • Step 3 - Develop an algebra to work on these spaces. • Every object in Header Space, can be described by union of Wildcard Expressions. • We want to perform the following set operations on wildcard expressions: • Intersection • Complementation • Difference

  15. Header Space Framework • Finding Intersection: • Bit by bit intersect using intersection table: • Example: • If result has any ‘z’, then intersection is empty: • Example: • See the paper for how to find complement and difference.

  16. Use Cases of Header Space FrameworkThese are only some example use cases that we developed so far…

  17. Use Cases • Can host A talk to B? All Packets that A can use to communicate with B A T-11 Box 1 Box 2 T2(T1(X,A)) T-12 T-11 T1(X,A) T4(T1(X,A)) T-14 T-13 Box 4 Box 3 B T-13 T3(T2(T1(X,A)) U T3(T4(T1(X,A))

  18. Use Cases • Is there a loop in the network? • Inject an all-x text packet from every switch-port • Follow the packet until it comes back to injection port T1(X,P) Box 2 T2(T1(X,P)) T-12 Box 1 T-13 T-11 Box 3 T-14 Original HS Returned HS T3(T2(T1(X,P))) Box 4 T4(T3(T2(T1(X,P))))

  19. Use Cases • Is the loop infinite? Finite Loop Infinite Loop ?

  20. Use Cases • Are two slices isolated? • What do we mean by slice? • Fixed Slices: VLAN slices • Programmable Slices: slices created by FlowVisor • Why do we care about isolation? • Banks: for added security. • Healthcare: to comply with HIPAA. • GENI: to isolate different experiments running on the same network.

  21. Use Cases • Are two slices isolated? • 1) slice definitions don’t intersect. • 2) packets do not leak. Box 2 Box 1 Box 3 Box 4

  22. Header Space Framework • A Powerful General Foundation that gives us • A common model for all packets • Header Space. • A unified view of almost all type of boxes. • Transfer Function. • A powerful interface for answering different questions about the network. • T(h,p) and T-1(h,p) • Set operations on Header Space

  23. Implementation And Evaluation

  24. Implementation • Header Space Library (Hassel) • Written in Python and C. • Implements Header SpaceClass • Set operations • Implements Transfer Function Class • T and T-1 • Implements Reachability, Loop Detection and Slice Isolation checks. • < 50 lines of code • Includes a Cisco IOS parser, Juniper Junos Parser and OpenFlow table dump parser. • Generates transfer function from CLI output. • Keeps the mapping from Transfer function rule to line number in the CLI output. • Publicly available: git clone https://bitbucket.org/peymank/hassel-public.git

  25. Stanford backbone network ~750K IP fwd rule. ~1.5K ACL rules. ~100 Vlans. Vlan forwarding.

  26. Stanford backbone network • Loop detection test – run time < 10 minutes on a single laptop. Vlan RED Spanning Tree Vlan BLUE Spanning Tree

  27. Performance Performance result for Stanford Backbone Network on a single machine: 4 core, 4GB RAM.

  28. Next Steps • Automatic Test Packet Generation (To appear in CoNEXT 2012). • Uses HSA model to Generate minimum number of test packets to maximally cover all the “rules” in the network. (Data Plane Testing) • One error detected, find the location of error in data plane. • NetPlumber: Real Time Network Policy Checker. • A tool to run HSA-style checks in real time by incrementally updating results as network changes. • Achieve on average, sub-ms run time per update for checking more than 2500 pairwise reachability checks on Google WAN.

  29. Summary • Introduced Header Space Analysis As • A common model for all packets (Header Space). • A unified view of almost all type of boxes. (Transfer Function.) • A powerful interface for answering different questions about the network. (T, T-1, Header Space Set Algebra) • Showed that direct implementation of HSA algorithms scales well to enterprise-size networks.

  30. ThankYou! Questions?

More Related